Merge pull request #819 from timofurrer/feature/align-access-level-794

Aligns the *Access Level* situation in this providers with the upstream API. Closes #794

Author: armsnyder

docs/resources/branch_protection.md

@@ -58,9 +58,9 @@ resource "gitlab_branch_protection" "main" {
 ### Required
 
 - **branch** (String) Name of the branch.
-- **merge_access_level** (String) Access levels allowed to merge. Valid values are: `no one`, `developer`, `maintainer`, `admin`.
+- **merge_access_level** (String) Access levels allowed to merge. Valid values are: `no one`, `developer`, `maintainer`.
 - **project** (String) The id of the project.
-- **push_access_level** (String) Access levels allowed to push. Valid values are: `no one`, `developer`, `maintainer`, `admin`.
+- **push_access_level** (String) Access levels allowed to push. Valid values are: `no one`, `developer`, `maintainer`.
 
 ### Optional
 

docs/resources/group_ldap_link.md

@@ -16,7 +16,7 @@ This resource allows you to add an LDAP link to an existing GitLab group.
 resource "gitlab_group_ldap_link" "test" {
   group_id      = "12345"
   cn            = "testuser"
-  access_level  = "developer"
+  group_access  = "developer"
   ldap_provider = "ldapmain"
 }
 ```
@@ -26,14 +26,15 @@ resource "gitlab_group_ldap_link" "test" {
 
 ### Required
 
-- **access_level** (String) Acceptable values are: guest, minimal, reporter, developer, maintainer, owner.
 - **cn** (String) The CN of the LDAP group to link with.
 - **group_id** (String) The id of the GitLab group.
 - **ldap_provider** (String) The name of the LDAP provider as stored in the GitLab database.
 
 ### Optional
 
+- **access_level** (String, Deprecated) Minimum access level for members of the LDAP group. Valid values are: `no one`, `minimal`, `guest`, `reporter`, `developer`, `maintainer`, `owner`, `master`
 - **force** (Boolean) If true, then delete and replace an existing LDAP link if one exists.
+- **group_access** (String) Minimum access level for members of the LDAP group. Valid values are: `no one`, `minimal`, `guest`, `reporter`, `developer`, `maintainer`, `owner`, `master`
 - **id** (String) The ID of this resource.
 
 ## Import

docs/resources/group_membership.md

@@ -26,7 +26,7 @@ resource "gitlab_group_membership" "test" {
 
 ### Required
 
-- **access_level** (String) Acceptable values are: guest, minimal, reporter, developer, maintainer, owner.
+- **access_level** (String) Access level for the member. Valid values are: `no one`, `minimal`, `guest`, `reporter`, `developer`, `maintainer`, `owner`, `master`.
 - **group_id** (String) The id of the group.
 - **user_id** (Number) The id of the user.
 

docs/resources/group_share_group.md

@@ -26,7 +26,7 @@ resource "gitlab_group_share_group" "test" {
 
 ### Required
 
-- **group_access** (String) One of five levels of access to the group.
+- **group_access** (String) The access level to grant the group. Valid values are: `no one`, `minimal`, `guest`, `reporter`, `developer`, `maintainer`, `owner`, `master`
 - **group_id** (String) The id of the main group.
 - **share_group_id** (Number) The id of an additional group which will be shared with the main group.
 

docs/resources/project_membership.md

@@ -31,7 +31,7 @@ resource "gitlab_project_membership" "example" {
 
 ### Required
 
-- **access_level** (String) One of five levels of access to the project.
+- **access_level** (String) The access level for the member. Valid values are: `no one`, `minimal`, `guest`, `reporter`, `developer`, `maintainer`, `master`
 - **project_id** (String) The id of the project.
 - **user_id** (Number) The id of the user.
 

docs/resources/project_share_group.md

@@ -16,7 +16,7 @@ This resource allows you to share a project with a group
 resource "gitlab_project_share_group" "test" {
   project_id   = "12345"
   group_id     = 1337
-  access_level = "guest"
+  group_access = "guest"
 }
 ```
 
@@ -25,12 +25,13 @@ resource "gitlab_project_share_group" "test" {
 
 ### Required
 
-- **access_level** (String) One of five levels of access to the project.
 - **group_id** (Number) The id of the group.
 - **project_id** (String) The id of the project.
 
 ### Optional
 
+- **access_level** (String, Deprecated) The access level to grant the group for the project. Valid values are: `no one`, `minimal`, `guest`, `reporter`, `developer`, `maintainer`, `master`
+- **group_access** (String) The access level to grant the group for the project. Valid values are: `no one`, `minimal`, `guest`, `reporter`, `developer`, `maintainer`, `master`
 - **id** (String) The ID of this resource.
 
 ## Import

docs/resources/tag_protection.md

@@ -25,7 +25,7 @@ resource "gitlab_tag_protection" "TagProtect" {
 
 ### Required
 
-- **create_access_level** (String) One of five levels of access to the project.
+- **create_access_level** (String) Access levels which are allowed to create. Valid values are: `no one`, `developer`, `maintainer`.
 - **project** (String) The id of the project.
 - **tag** (String) Name of the tag or wildcard.
 

examples/resources/gitlab_group_ldap_link/resource.tf

@@ -1,6 +1,6 @@
 resource "gitlab_group_ldap_link" "test" {
   group_id      = "12345"
   cn            = "testuser"
-  access_level  = "developer"
+  group_access  = "developer"
   ldap_provider = "ldapmain"
 }

examples/resources/gitlab_project_share_group/resource.tf

@@ -1,5 +1,5 @@
 resource "gitlab_project_share_group" "test" {
   project_id   = "12345"
   group_id     = 1337
-  access_level = "guest"
+  group_access = "guest"
 }

gitlab/access_level_helpers.go

@@ -0,0 +1,73 @@
+package gitlab
+
+import (
+	"github.com/xanzy/go-gitlab"
+)
+
+// NOTE:
+// The access level story in the GitLab API is a bit tricky.
+// There are different resources using the same access level names
+// with an identical mapping to int ids. As also defined in the
+// `gitlab.AccessLevelValue` types. However, different endpoints
+// allow all of them or just a subset. There is also endpoints
+// defining an additional `admin` access level, which is nowhere
+// documented and probably not used at all - this provider ignores it.
+// Point being, be careful when using them in a resource or data source
+// and consult the upstream API docs to verify what's possible and keep
+// your fingers crossed it's correct :)
+
+// see the source of truth for `accessLevelNameToValue` and `accessLevelValueToName`
+// here: https://docs.gitlab.com/ee/api/members.html#valid-access-levels
+var validGroupAccessLevelNames = []string{
+	"no one",
+	"minimal",
+	"guest",
+	"reporter",
+	"developer",
+	"maintainer",
+	"owner",
+
+	// Deprecated and should be removed in v4 of this provider
+	"master",
+}
+var validProjectAccessLevelNames = []string{
+	"no one",
+	"minimal",
+	"guest",
+	"reporter",
+	"developer",
+	"maintainer",
+
+	// Deprecated and should be removed in v4 of this provider
+	"master",
+}
+
+// NOTE(TF): the documentation here https://docs.gitlab.com/ee/api/protected_branches.html
+//           mentions an `60 => Admin access` level, but it actually seems to not exist.
+//           Ignoring here that I've every read about this ...
+var validProtectedBranchTagAccessLevelNames = []string{
+	"no one", "developer", "maintainer",
+}
+
+var accessLevelNameToValue = map[string]gitlab.AccessLevelValue{
+	"no one":     gitlab.NoPermissions,
+	"minimal":    gitlab.MinimalAccessPermissions,
+	"guest":      gitlab.GuestPermissions,
+	"reporter":   gitlab.ReporterPermissions,
+	"developer":  gitlab.DeveloperPermissions,
+	"maintainer": gitlab.MaintainerPermissions,
+	"owner":      gitlab.OwnerPermission,
+
+	// Deprecated and should be removed in v4 of this provider
+	"master": gitlab.MaintainerPermissions,
+}
+
+var accessLevelValueToName = map[gitlab.AccessLevelValue]string{
+	gitlab.NoPermissions:            "no one",
+	gitlab.MinimalAccessPermissions: "minimal",
+	gitlab.GuestPermissions:         "guest",
+	gitlab.ReporterPermissions:      "reporter",
+	gitlab.DeveloperPermissions:     "developer",
+	gitlab.MaintainerPermissions:    "maintainer",
+	gitlab.OwnerPermissions:         "owner",
+}